Iranian hackers might be the next criminal group to worry about, now that the country has joined the ranks of Russia, North Korea, the US and African countries in cyberespionage operations.
Research carried out by Accenture Security iDefense states that Iran has surfaced as a major security threat. “The Iranian government and hacktivists located in Iran pose a disruptive or destructive cyber threat against the United States, Europe, and the Middle East,” reads the report.
The country is gradually becoming a focal point for cyberespionage operations, as confirmed by the high number of attacks originating from Iran in the first half of 2018, specifically state-sponsored campaigns with an increased focus on other nations in the Middle East.
According to the research, Iranian hackers’ preferred method of attack is Android-based malware and ransomware launched not only against governments, but also against consumers and businesses. The Google Play store is almost saturated with applications infected with malware which, once downloaded, install malicious code on smartphones. However, Iranian hackers also target legitimate apps, looking for ways to corrupt them to gain unauthorized access to a user’s device.
One of the Iranian hacker groups Accenture has been looking into goes by the name of PIPEFISH, also known as OilRig, a group whose cyberespionage attack patterns are spread out across the Middle East and are primarily based on custom ransomware and cryptocurrency miners. Among its top targets are companies operating in the energy sector in the United Arab Emirates, Qatar and Saudi Arabia.
“iDefense threat intelligence has maintained an effective tracking collection of PIPEFISH despite this threat group’s continuous changes and shifting of techniques,” reads the report. “It has consistently shown a propensity to reuse metadata, IP infrastructure, components of lure documents, and domain registrants, which has enabled analysts to produce high-confidence intelligence against the group.”